Is there a support page that indicates what Windows Updates are safe for install? One of your competitors offers this so we know they have been tested before we apply them.
1 Like
If Windows updates can disrupt your environment, perhaps you should not permit them? The best way to avoid them is to avoid Windows.
IMNSHO, Ignition's number one feature is its cross-platform support. It runs great in Linux. Which allows you to avoid the engineering malpractice of Windows in manufacturing networks.
2 Likes
I totally agree to avoid updates but I don't think it is secure to avoid all of them forever.
Agreed. It is not secure to avoid updates for Windows. Ergo, my advice to avoid Windows.
4 Likes
99% of the time, Windows updates don't cause Ignition any problems because we're running on top of Java, which abstracts away most of the underlying OS details. So we don't have a page that says "yes, this update is safe" because it would be a pointless list of basically every single update.
In the eight years I've been at IA, I can think of two, maybe three instances where a Windows update caused specific problems. Each of those cases were at a 'boundary layer' where we're forced to interact with Windows: COM, and MSSQL's "native" JDBC authentication. If you're not using either of those technologies, I would be surprised if any Windows update caused you problems.
As ever, the real pragmatic advice is: back up your system if you're worried about it, and be prepared to roll back if it does cause problems.
8 Likes
I'm guessing you're talking about Wonderware/Aveva System Platform. One of our customer's cybersecurity team had that same question when they were looking into Ignition. They're now switching over to Ignition on their next plant.
I basically sent them to: https://security.inductiveautomation.com
I also explained that because Ignition is OS agnostic that I've never experienced any issues with any OS updates causing problems because it's not as reliant on or embedded with the underlying OS as much as Wonderware or other HMI/SCADA platforms are.
8 Likes
This feels kind of like that old marketing tactic where a breakfast cereal or whatever would put "guaranteed to contain zero arsenic" on the box.
What's also funny about this all is that there is an update that breaks the Sytem Platform installer (although according to MS this has been fixed now). You get to the license agreement which is an embedded XPS file and it won't let you check the "Accept Agreement" box so you have to run a PowerShell command or edit the registry to enable some compatability settings for XPS files viewed in WPF applications. Then you just have to wait like 1-2 hours for it to all install, then you reboot, and run patches, and reboot again. Finally you restore your backup, and then you're ready to deploy to your AOS servers which you just did the same steps to hopefully in parallel so you're not killing the entire day. LOL
7 Likes
This would be the ideal scenario. An update becomes available, so a time is scheduled to perform a backup and perform the update procedure in a way that poses minimal risk to production, but in my experience, this isn't how it goes with windows even when IT swears they have automatic updates turned off.
What I typically see is a server that has slowed to a crawl with an update manager that is hogging resources. The system has to be rebooted to fix the issue, and the reboot triggers an update with no option to opt out and no option to perform a back up. Even with redundancy in place to cover the reboot and the obscene installation time, these forced, unscheduled updates are often a costly disruption.
I'm not sure there is such a thing as a safe windows update. Every week, two or three articles come out about problems that the latest windows update cause; many of which I post for discussion amongst the regulars to this forum. While windows updates don't pose a direct threat to Ignition, they will almost without exception break certain configurations.
That said, the most direct way to stay ahead of the peripheral problems that windows updates will cause is in the Release Information section of microsoft's own website. The update packages will be listed there, and as problems with a specific update become known, they will be posted in a subsection of the version article called Known Issues and Notifications. For example, the April update that I've linked to was known to break VPN connections, and for a time that could be seen in this section of the website. That has since been moved to the Resolved Issues subsection, so if VPN connection breakages would have been a reason not to install this update, the update package is now safe on that count.
2 Likes
This reminds me I've been kicked out of the club !
Take a 2 weeks vacation and you're not a regular anymore !
6 Likes
I'm surprised you don't have a one-liner Python code touching the forum every day to keep you in the club!
5 Likes
same, though tbh i have been a bit less active on the forum lately xd
1 Like
I was actually referring to DeltaV...which I am sooo glad to be away from.
I am not familiar enough to go with Linux, plus unfortunately we have a lot of ignition installs that would need to be converted in an oil & gas production environment. There is no tolerance for downtime...persay...
As long as you're not doing anything specific to Windows, Ignition backups from my understanding can basically be backed up on Windows and restored to Linux without issues, although I'ven ever had to do it myself.
Oh god you just remnded me of a job I had once - we were trying to backup and restore a Aveva/Wonderware project from a computer and restore it on another. The restore kept failing and level 1 tech support couldn't figure out why.
Level 2 realized there were some hot fixes on our system that are not part of the default install. They were able to send us som - but also there were some individualized hot fixes for the Aveva software on the original system that they did not have and told us to ask the companies IT team if they had copies lol. This job luckily ended up being scrapped, but this was a week of going back and forth just trying to restore a backup.
I never once had 1/10th the issue restoring an Ignition backup even from much older versions. Every time I work with other HMI's I end up more and more grateful coming back to Ignition 
2 Likes
Watch for filesystem paths with backslashes or drive letters, but otherwise generally works.
1 Like